A identity security manager at Microsoft recently wrote a blog post talking about how hackers use passwords to try to break in to systems using Microsoft programs.
Called “Your Pa$$word doesn’t matter,” the piece by Microsoft’s Alex Weinert walks through various ways hackers use passwords.
The list above represents the top 10 passwords hackers test to see if a stolen email works, according to Weinert.
Even if you are not an IT person, here are some takeaways in the article.
1. If you use Multi-factor authentication (MFA or 2FA) on your accounts, Microsoft believes you are 99.9 percent secured from an attack, today.
There are a few instances when 2FA systems, particularly getting a code texted to your phone, have been hacked. But to date, that is still very rare, and other second-factor authentications, including Microsoft and Google Authenticator apps, are good to use.
2. If you insist on using a six-digit password, know that hackers can guess it in eight seconds. Hackers have tools that can run through more than 782 billion combinations in eight seconds.
3. If you use a nine-digit password, it will take a hacker 80 days to crack it. More likely a hacker will move on to an easier target.
4. If, like the Michael Scott meme, you use “incorrect” as your password, yes, that is a nine-digit password. But it is a dictionary word – and so it too will be easily guessed.
Weinert says hackers have lists of 500 million possible passwords, which he describes as “every password anyone has ever thought of, ever.”
So get yourself in the habit of using multifactor authentication on ALL your accounts if you do nothing else.